SECaaS — Security as a Service
The objective of this guide is to demonstrate a security deployment built with open-source tools.
This security architecture lets us monitor, analyse, alert, handle incident response and generate reports. We can also enrich our data with IOCs.
Architecture and Tools Overview
The following diagram represents our deployment.
Definitions
Snort
Snort is the foremost Open Source Intrusion Prevention System (IPS) in the world.
Wazuh
Wazuh is an open source security monitoring solution which collects and analyzes host security data. It is a fork of the older, better known OSSEC project.
Elasticsearch Stack
Elasticsearch will act as our log repository.
ElastAlert
ElastAlert is an open source project that provides an alerting mechanism for Elasticsearch.
TheHive
TheHive is an alert management platform for managing an incident alert from creation to closure.
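To show how the alerting leg of this architecture fits together (events shipped to Elasticsearch, ElastAlert watching them, TheHive receiving the alert), here is an added example ElastAlert rule that is not part of this guide. It assumes a Wazuh alert index named `wazuh-alerts-*` with the fields `rule.level`, `rule.description`, `agent.name` and `data.srcip`, and a TheHive instance reachable at `http://thehive.local:9000`; adjust these to your own deployment.

```yaml
# Added example rule for ElastAlert's TheHive alerter (hivealerter).
# Assumptions: Wazuh alerts are indexed under wazuh-alerts-* and TheHive
# listens on http://thehive.local:9000 (placeholder host and API key).
name: wazuh-high-severity-to-thehive
type: frequency
index: wazuh-alerts-*

# Fire as soon as a single qualifying event appears in a 5 minute window.
num_events: 1
timeframe:
  minutes: 5

# Only escalate Wazuh rules of level 12 and above (high severity).
filter:
- range:
    rule.level:
      gte: 12

alert: hivealerter

hive_connection:
  hive_host: http://thehive.local
  hive_port: 9000
  hive_apikey: REPLACE_WITH_THEHIVE_API_KEY

hive_alert_config:
  # Title and description are built from the matching document and the rule.
  title: 'Wazuh level {match[rule][level]}: {match[rule][description]}'
  type: 'external'
  source: 'elastalert'
  description: 'Agent {match[agent][name]} reported {match[rule][description]}'
  severity: 3
  tags: ['wazuh', 'elastalert', '{rule[name]}']
  tlp: 2
  status: 'New'
  follow: True

# Map event fields to TheHive observables so Cortex analyzers can enrich them.
hive_observable_data_mapping:
  - ip: '{match[data][srcip]}'
  - hostname: '{match[agent][name]}'
```

Place the rule in the ElastAlert `rules_folder` directory; Cortex analyzers and the MISP feed can then be run against the observables that arrive with each alert.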
Cortex
Cortex allows the use of “analyzers” (113 as of this writing) to gain additional information on the indicators already present in your logs.
MISP
MISP is an open source threat sharing platform maintained by CIRCL which, among many other uses, allows the operator to subscribe to threat intelligence feeds.
VulnWhisperer
VulnWhisperer is a vulnerability data and reports aggregator.
Nessus
Nessus is a free vulnerability scanner that provides an entry point for vulnerability assessment.
Honeypot Dionaea
Dionaea's intention is to trap malware that exploits vulnerabilities exposed by services offered to a network, capturing a copy of the malware.
Deploying
Follow the guides below for the detailed installation and configuration steps.